
Mac OS X Security Challenge

U of Wisconsin's Mac OS X Security Challenge
"The University of Wisconsin [ed: Go Badgers] has launched a Mac OS X Security challenge, in response to a 'woefully misleading ZDnet article'. From the site: 'The challenge is as follows: simply alter the web page on this machine, test.doit.wisc.edu. The machine is a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, has two local accounts, and has ssh and http open - a lot more than most Mac OS X machines will ever have open.' Are you up to the task? Can you prove ZDNet wrong, or can you show that Mac OS X can really be hacked in less than 30 minutes? More information about the challenge is at http://test.doit.wisc.edu/ The challenge ends Fri 10 March 2006 10:00 AM CST."

I'm sure a few of you on here might be up to it... not me.

-Deeboe

If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
- Sun Tzu, The Art of War

The security breach took place on February 22 after a Swedish devotee of the Mac set up a Mac Mini as a server and invited all takers to try to compromise the system's security to gain root-level control. Once a hacker has gained root access to a computer system, the attacker can install applications, delete files and folders, and use the computer for any nefarious purpose.

The competition was over in a matter of hours after a hacker, who asked to be identified only as "Gwerdna," gained access to the server in question and defaced the Web site with a message that read, "This sucks. Six hours later this poor little Mac was owned and this page got defaced."

---
Although Gwerdna said that the Mac Mini could have been protected more effectively, he also said that, even had the machine been configured for better security, it would not have stopped him because the vulnerability he exploited has yet to be published and Apple has not released a patch for it.

In the space of about 2 weeks OSX has gone from being this impenetrable operating system to a zombie.

Originally posted here by .:front2back:. In the space of about 2 weeks OSX has gone from being this impenetrable operating system to a zombie.

cheers
front2back

f2b - The link that you have posted refers to the cracking of the other test covered by ZDNet. The test was unfair because SSH accounts were given out to each of the attackers, so privilege escalation, an SSH vuln or something of the sort (this guy claims he used a zero-day exploit) would've gained him root.

The article Deeboe posted about is this one - the new server was set up to prove that ZDNet is wrong. I do not know if that one has been cracked yet or not, but the server is certainly down atm.